Simon Willison’s Weblog

Items tagged flash in Feb

Filters: Month: Feb × flash ×


CSRF: Flash + 307 redirect = Game Over. Here’s the exploit that Django and Rails both just released fixes for. It’s actually a flaw in the Flash player. Flash isn’t meant to be able to make cross-domain HTTP requests with custom HTTP headers unless the crossdomain.xml file on the other domain allows them to, but it turns out a 307 redirect (like a 302, but allows POST data to be forwarded) confuses the Flash player in to not checking the crossdomain.xml on the host it is being redirect to. # 10th February 2011, 10:07 pm

ClearMaps: A Mapping Framework for Data Visualization. An open source library for map visualisations using ActionScript, with an Adobe AIR based encoding tool for translating data from shapefiles in to vector data suitable for use with the library. # 28th February 2010, 3:52 pm

HTML5 video markup, compatibility and playback. Everything you need to know about embedding HTML5 video on a page, complete with multiple codecs to cover the various supporting browsers and a fallback to Flash. # 11th February 2010, 5:49 pm

Plupload (via) Fantastic new open source project from the team behind TinyMCE. Plupload offers a cross-browser JavaScript File uploading API that handles multiple file uploads, client-side progress meters, type filtering and even client-side image resizing and drag-and-drop from the desktop. It achieves all of this by providing backends for Flash, Silverlight, Google Gears, HTML5 and Browserplus and picking the most capable available option. # 10th February 2010, 12:53 pm

As has been pointed out by the community, there is an existing crash bug that was reported by Matthew Dempsky in the Flash Player bugbase (JIRA FP-677) in September of 2008 that still exists in the release players. It is fixed in Flash Player 10.1 beta, and has been since we launched the beta in early November 2009. [...] So what happened here? We picked up the bug as a crasher when it was filed on September 22, 2008, and were able to reproduce it. Remember that Flash Player 10 shipped in October 2008, so when this bug was reported we were pretty much locked and loaded for launch.

Emmy Huang, PM for Flash Player # 7th February 2010, 10:21 am

Regarding crashing, I can tell you that we don’t ship Flash with any known crash bugs, and if there was such a widespread problem historically Flash could not have achieved its wide use today.

Kevin Lynch # 7th February 2010, 10:19 am

SublimeVideo—HTML5 Video Player. Still a fair way to go (no Firefox support yet, and they plan to add a Flash fallback for IE) but in Safari this is pretty extraordinary. Smooth video, beautiful UI, full window mode and full screen mode in the latest WebKit nightlies. I’d go as far as saying that this is the nicest online video implementation I’ve seen (at least on the Mac). # 2nd February 2010, 9:50 am

swf Image Replacement. Really neat idea: unobtrusively replace an inline image with a SWF, then apply effects like rotation, rounded corners and drop-shadowns. Shame it suffers from Flash-Of-Unstyled-Content. # 27th February 2007, 7:51 pm

Flash MP3 Player. Nice little embeddable MP3 player, with support for single files or Atom/XSPF/RSS playlists. # 25th February 2007, 2:13 am